> For the complete documentation index, see [llms.txt](https://docs.twosense.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.twosense.ai/windows-authenticator/guides/gpo-installation.md). # Group Policy Deployment ## Overview This guide will help you deploy the Twosense Agent to your Windows computers using Group Policy. ## Steps ### 1. Create GPO for Twosense Installation #### 1.1 Software Package Settings Group policy has settings for targeting computers and settings to target users. This guide will focus on targeting computers. 1. Open the **Group Policy Management Console** (GPMC) on your domain controller. 2. Navigate to the **OU where you want to apply the GPO**, right-click and select **"Create a GPO in this domain, and Link it here..."**. 3. Name the GPO `Twosense Installation` and click OK. 4. Right-click the new GPO and select **Edit...**. 5. Navigate to **Computer Configuration > Policies > Software Settings > Software Installation**. 6. Right-click **Software Installation** and select **New > Package**. 7. Browse to the *Twosense MSI file* and click **Open**. > ⚠️ The MSI file must be on a network share that all computers in the OU can access. 8. On the Deploy Software dialog, select **Advanced** and click OK. 9. Add the version number to the *Name* field, e.g. `Twosense Authenticator 1.0.0`. 10. In the *Deployment* tab, select **Assigned**. ![Deploy Properties Screenshot](/files/M1f2tAW23GuHvWHJESdX) > ⚠️ If the *Install this application at logon* option is greyed out, click **Assigned** again. It should be enabled now. 11. Check the box for **Install this application at logon**. 12. Check the box for **Uninstall this application when it falls out of the scope of management**. *This will uninstall the software if the computer is moved out of the OU where the GPO is linked.* 13. On the *Modifications* tab, click **Add** and browse to the `*.mst` file that was provided to you. ![Modifications Screenshot](/files/65VtkjQ8g2euyrasjjIZ) > ⚠️ The MST file must be on a network share that all computers in the OU can access. 14. Click **OK** to close the *Properties* dialog. #### 1.2 Enable wait for network on startup In some environments, the installation may fail with error 1274. This is due to the computer not waiting for the network to be available before attempting to install the software. To fix this, you can enable the "Always wait for the network at computer startup and logon" policy. * In the GPO editor, navigate to *Computer Configuration > Policies > Administrative Templates > System > Logon*. * Double-click *"Always wait for the network at computer startup and logon"*. * Select *"Enabled"* and click *OK*. ![Always wait for network Screenshot](/files/m5GVaZmlGB0riVjYPWnw) ### 2. Test the GPO Deployment * In *Active Directory Users and Computers*, move a test computer to the OU where the GPO is linked. * Log in to the test computer and run *gpupdate /force* from the command prompt. * Restart the computer and log in again. > ℹ️ You can verify the installation by checking the *Add/Remove Programs* list in the Control Panel. However, the Twosense services may not be running yet. This is normal and the services will start after the next reboot. * To verify that the installation was successful. Restart the computer again and log in. The login event should show up in the Twosense portal under *"Event Log"*. ![Event Log Screenshot](/files/E7RvR2Kzg9j6JdRvz9cp) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.twosense.ai/windows-authenticator/guides/gpo-installation.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.